Quality is delighting customers
To prevent all of the above security testing threats/flaws and perform security testing on a web application, it is required to have good knowledge of the HTTP protocol and an understanding of client (browser) – server communication through HTTP. Also, basic knowledge of SQL injection and XSS is required. The following techniques will help in performing quality security testing:
Cross Site Scripting (XSS):
The tester should additionally check the web application for XSS (Cross site scripting). Any HTML e.g. <HTML> or any script e.g. <SCRIPT> should not be accepted by the application. If it is, the application can be prone to an attack by Cross Site Scripting.
Cross Site Scripting Testing can be done for:
Ethical hacking means hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypass the system security and search for any vulnerability that could be exploited by malicious hackers aka Black hats. White hats may suggest changes to systems that make them less likely to be penetrated by black hats.
Password cracking is the most critical part while doing system testing. In order to access the private areas of an application, hackers can use a password cracking tool or can guess a common username/password. Common usernames and passwords are easily available online along with open source password cracking applications. Until a web application enforces a complex password (e.g. a long password with a combination of numbers, letters, and special characters), it is easy to crack the username and password. Another way of cracking the password is if username/password is to target cookies if cookies are stored without encryption.
A penetration test is an attack on a computer system with the intention of finding security loopholes, potentially gaining access to it, its functionality and data.
This is a process of assessing and deciding on the risk involved with the type of loss and the possibility of vulnerability occurrence. This is determined within the organization by various interviews, discussions and analysis.
A security audit is a systematic evaluation of the security of a company’s information system by measuring how well it conforms to a set of established criteria.
This is a program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application, OS and Networks.
The next thing that should be checked is SQL injection. Entering a single quote (‘) in any textbox should be rejected by the application. Instead, if the tester encounters a database error, it means that the user input is inserted in some query which is then executed by the application. In such a case, the application is vulnerable to SQL injection.
SQL injection attacks are very critical as attackers can get vital information from the server database. To check SQL injection entry points into your web application, find out code from your code base where direct MySQL queries are executed on the database by accepting some user inputs.
SQL Injection Testing can be done for:
The automated computer program to proactively identify security vulnerabilities of computing systems in a network to determine where a system can be exploited and/or threatened.
This describes the overall security posture of an organization; it is a combination of Ethical hacking, Security scanning and Risk Assessment.
URL manipulation through HTTP GET methods:
HTTP GET method is used between application client and server to pass on the information. The tester needs to verify if the application is passing vital information in the query string. The information via HTTP is passed in parameters in the query string. To test this, a parameter value can be modified in the query string to check if the server accepts it.
Generally user information is passed through HTTP GET request to the server for either authentication or fetching data. Hackers can manipulate the input of this GET request to the server so that the required information can be gathered or to corrupt the data. Any abrupt behavior of application or web server, in such condition, is the key for a hacker to slip into the application.
Let’s discuss what all steps to prepare while preparing and planning for Security testing:
Software Security testing is a process that is performed with the intention of revealing flaws in security mechanisms and finding the vulnerabilities or weaknesses of software applications. These days, security testing has become a critical part in software testing companies.
Security testing has the following characteristics:
Here are various types of threats which can be used to expose security vulnerability.
1. SQL Injection
SQL injection is the most common application layer attack technique, in which malicious SQL statements are inserted into an entry field for execution.It is a type of attack which takes the advantage of loopholes present in the implementation of web applications that allows a hacker to hack the system. To check the SQL injection, we have to take care of input fields like text boxes, comments, etc. To prevent injections, special characters should be either properly handled or skipped from the input.
2. Unauthorized Data Access
One of the more popular types of attacks is gaining unauthorized access to data within an application. It includes:
- Unauthorized access to data via data-fetching operations
- Unauthorized access to reusable client authentication information by monitoring the access of others
- Unauthorized access to data by monitoring the access of others
3. URL Manipulation
URL manipulation is the process of manipulating the website URL query strings & capture of the important information by hackers. This happens when the application uses the HTTP GET method to pass information between the client and the server. The information is passed in parameters in the query string. The tester can modify a parameter value in the query string to check if the server accepts it.
4. Data Manipulation
In data manipulation, a hacker changes data used by a website in order to gain some advantage or to embarrass the website’s owners. Hackers will often gain access to HTML pages and change them to be satirical or offensive.
5. Identity Spoofing
Identity spoofing is a technique where a hacker uses the credentials of a legitimate user or device to launch attacks against network hosts, steal data or bypass access controls. Preventing this attack requires IT-infrastructure and network-level mitigations.
6. Cross-Site Scripting (XSS)
Cross-site scripting is a computer security vulnerability found in web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users and trick a user into clicking on that URL. Once executed by the other user’s browser, this code could then perform actions such as completely changing the behavior of the website, stealing personal data, or performing actions on behalf of the user.
Scoping is a deep dive into the application prior to testing in order to inform the tester and give them an advantage against other testers and even hackers who know nothing about the application.
Scoping answers so many questions regarding an application security test that I like to think of it as the what, when, where, why, and how of an application security testing. Let’s walk through each of these and discuss how to get the most of a scoping session with your client.